Employee Internet Use Policy – Does Your Business Have One?

Do you have employees who use your computers and telecommunications equipment to access the Internet?

Do they send emails?

Another question: Did you know that an employer can be responsible for emails sent under its name? The doctrine of vicarious liability applies equally to emails as it does to other forms of correspondence. It means that if the recipient of an email reasonably believes that the email has been sent by someone representing the sender, he/she is entitled to take the contents of that email as representing the views of the sending company.

Personal use of telephones, mobiles, copiers, faxes etc pale into insignificance compared with the problems that can result from non-business, improper and unauthorised use of the Internet or email. It’s a strange fact that whilst few employees would ever consider sending their personal letters on their employer’s letterhead, that’s exactly what they do when they use business email to send personal messages.

Should you have an Internet Use Policy?

Should businesses have an Internet Use Policy? In my view they should. Internet Use includes not only surfing the web but also sending and receiving email, page and file downloads, viruses and anything else that is available online. An Internet Use Policy is about sending and receiving, who owns what, and what kind of monitoring should employees expect.

When setting an Internet use Policy, the most important points are that the Employer needs to:

state what is and is not appropriate use of the Internet, email, and other electronic resources;

state what the consequences are of breaking the policy;

protect itself, its employees, and its assets from misuse of electronic communication resources.

Employers should provide their employees with clear guidelines about which uses of the Internet are proper, and which uses are not. Employees need to be educated in the potential risks involved when sending emails or accessing the Internet. A clear policy that is enforced will help the employer reduce its risk of liability from improper Internet use.

Sending a few personal emails may not cost an employer much in lost productivity, but it raises several legal and moral issues:

Emails are not confidential, and can be read by users with appropriate permission or expertise.

The use of the “Reply All” key in place of the “Reply” key could result in an email being sent to an inappropriate recipient list.

Opening email attachments from a dubious source may cause a virus or malware to be downloaded to your system. New viruses are created daily, and even the most sophisticated virus checking software cannot guarantee to block all insidious programs.

Opening emails from an unknown source may result in information about your system being uploaded to the mail sender. This information can then be used for sending “spam” mail.

Downloading files from websites can import viruses and malware.

Information that identifies the “surfing” system can be registered when accessing a website. This could have legal implications if the site contains illegal matter.

Though legislation on Internet use is still in its infancy, employers face a possible legal liability for the Internet use of their employees.

Employee emails that offend or harass recipients could see employers facing legal action.

Emails have the same legal standing as other forms of communication to and from a company. Their inadvertent misuse could result in binding contracts being created.

Employers might also be liable for any other unlawful use of company IT resources – for example, if employees infringe copyright law by downloading and disseminating publications.

Formulating and disseminating an Internet use policy and the implementation of appropriate disclaimers on all external emails will reduce your legal risks as an employer.

Internet connectivity is almost ubiquitous among organisations across the world. The speed of access to the Internet at work combined with unsupervised time and little or no accountability adds up to hours of non-work-related web surfing and millions of £s in lost productivity. An average of 30% to 40% of employee Internet activity is not business related. Without an Internet use policy, your business is legally responsible for all such activity.

Drawing up Your Policy

An Internet Use policy need not be a lengthy document. It just needs to be clear and consistent about what your business does and does not accept. It should contain information on the disciplinary consequences of any policy breaches thus making it easier to take action against an employee who steps out of line.

Action Points

You could include the policy in employee induction manuals and ask your employees to sign off on the policy to indicate that they have read and understood it.

You can also monitor the IT use of your employees with special software. However, take care – there are legal issues you need to be aware of. If employees are monitored without their knowledge, their privacy rights may be breached.

Negative Aspects of Monitoring

Telling your employees that they are subject to monitoring may reduce the chances of a privacy breach, but it could also have a negative effect on their productivity. People tend to work differently when they are being monitored, as they often feel more self-conscious.

Another problem with monitoring is that someone needs to do it. Software might scan for obscene language, for example, and some software will block out porn or gambling websites. But no software program can adequately assess whether an email is defamatory. Somebody would need to sift through a lot of material to monitor even a fraction of the electronic traffic that circulates in an office of any size.

But while the contents of the Internet Use Policy may vary from business to business, it’s clear that every organisation should have one.

Employment experts ACAS provide a guide to Social Media use, which can be found here.

There’s an Internet Use Policy as part of Bizezia’s Work Manual. If you email me at mpollins@bizezia.com, putting Internet Use Policy in the subject line, I’ll send you a specimen of the policy.

Closing words

In closing this paper, I should mention a few things about Work Manual. With it, you can create your own office policies and procedures manual on a fully-editable online system. Additionally, for example if you are an accountant or other advisory firm, you can use Work Manual to create office policies and procedures manuals as an additional fee-generating service to your clients.

Work Manual now comes with templates for Contracts of Employment, Written Employment Particulars and a comprehensive editable Job Description Library as well as optional additional work policies.

Martin Pollins is a Chartered Accountant with wide experience in corporate finance and business management. He holds a number of directorships and has served on the boards of several companies, including those listed on the London Stock Exchange, AIM and OFEX.

He was a Council member of the Institute of Chartered Accountants in England and Wales from 1988 to 1996.

Martin Pollins ran his own firm based in Sussex and was the first Accountancy firm in the UK to advertise on television and Martin went on to create and launch the CharterGroup Partnership (the UK's first Accountancy network) and then LawGroup UK (one of the largest networks of lawyers in the country).

Martin started work on the Bizezia concept in 1996, developing the broad range of information resources and products over the past 18 years.